The depths of depravity that people will go to in order to cheat you out of your hard-earned money know no limits. Another world crisis engulfs us and we find ourselves in the midst of a new round of scams preying on the compassion and generosity people feel for the victims of the war in the Ukraine.

So once again it is time for me to write another blog and reiterate the importance of not only the security of your IT systems but also self-awareness and basic cyber security skills.

So what are the scammers doing this time? It seems to be an approach across one of three target areas:-

  1. Donations to a charity supporting the Ukraine relief effort.
  2. Investment strategies because stock markets are down.
  3. Scam investments in gold, crypto, foreign currencies to make quick money.

There are others but these seem the main ones.

The art here is to remain vigilant and not to let your emotions take over and lead you into a mistake. The rules remain the same as always:-

  1. Confirm 100% that the person sending you the email is legitimate and real.
  2. Confirm 100% that any links in the email are not dangerous malware.
  3. Confirm 100% that any business listed in the email is genuine and registered.
  4. Go back to point 1 and start again…..

It really is all common sense. In reality we probably all have our own charities that we support throughout the year, and chances are that one of them is already providing support to the crisis in the Ukraine. You can therefore always support them, and if none of your charities do, then a few phone calls to them will rapidly throw up a recommended charity to support. Keeping these things to closed networks of people you already know, or recommendations from people you trust, means you are less likely to get scammed.

So that is the emotional side of these scams. Now we can get to the technical side. Again, nothing here is too complicated for you or your IT provider to do.

First and foremost, ensure you are restricting any scam / phishing messages you get. With no filters in place you will be bombarded with them to the tune of hundreds a day. You want to aim to get that down to zero a day because at that level it is really hard to fall victim to one.

So here is how you would achieve this:-

  1. Ask your IT to ensure your email system has SPF, DKIM and DMARC enabled.
  2. Ask your IT to regularly check your email system to ensure none of your corporate email accounts appear compromised.
  3. Ask your IT to ensure every email account has 2FA enabled.
  4. Ask your IT to ensure your email system has enhanced spam filtering switched on or that the anti-phishing is enabled. This should pick up most of the spam / phishing emails.
  5. If you are a Windows user then ensure Microsoft Defender or similar is enabled on your machine.
  6. Ensure your desktop email has a junk or spam folder implemented. If you do, it should catch the majority of remaining spam / phishing emails.
  7. Be vigilant for any email that makes it to your inbox from someone you don’t know.

If you follow these steps you are significantly reducing the chances of falling victim to a scam. The first 4 should be done by a professional IT Services Provider to ensure that it is all set up correctly.
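
For step 1, "enabled" is not the same as "enforcing": a domain can publish SPF and DMARC records that still let spoofed mail through. The script below is an added example, not code from FunctionEight. It audits the TXT records you get back from a DNS lookup for the common weak settings, and its function names, the domains weak.example and strict.example, and every record in it are constructed for illustration. DKIM is left out because checking it needs the selector name your mail provider uses.

```python
SAMPLE = {  # added example: constructed records, not real DNS data
    "weak.example": (["v=spf1 include:_spf.mailhost.example ~all"],
                     ["v=DMARC1; p=none"]),
    "strict.example": (["v=spf1 ip4:192.0.2.10 -all"],
                       ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"]),
}
WEAK_ALL = {  # SPF 'all' qualifiers that do not hard-fail unlisted senders
    "all": "'all' authorises every server to send as this domain",
    "+all": "'+all' authorises every server to send as this domain",
    "?all": "'?all' is neutral: unlisted senders are not failed",
    "~all": "'~all' is a soft fail: blocking depends on DMARC enforcement",
}

def audit_spf(txt_records):
    """Findings for a domain's TXT records; an empty list means SPF is strict."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none published, or several (an error to receivers)
        return ["expected exactly one SPF record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated; audit the redirect target instead
        return ["no 'all' term: unlisted senders get a neutral result"]
    return [WEAK_ALL[all_term]] if all_term in WEAK_ALL else []

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.split(";")[0].replace(" ", "") == "v=DMARC1"]
    if len(dmarc) != 1:
        return ["expected exactly one DMARC record, found %d" % len(dmarc)]
    tags = {}
    for part in dmarc[0].split(";")[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p=%s: spoofed mail is not quarantined or rejected" % policy)
    if tags.get("pct", "100") != "100":
        findings.append("pct=%s: policy covers only part of the mail" % tags["pct"])
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports go nowhere")
    return findings

if __name__ == "__main__":
    for domain, (spf_txt, dmarc_txt) in SAMPLE.items():
        print(domain, audit_spf(spf_txt) + audit_dmarc(dmarc_txt) or "OK")
```

To use it on your own domain, replace the sample lists with the TXT records returned for your domain and for `_dmarc.` followed by your domain.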

If your company needs any assistance to ensure your email solution is secure please contact FunctionEight.

Phil Aldridge